Comcast Network Management

Comcast is committed to providing the best online experience possible for all of its customers. The company uses reasonable network management practices that are consistent with industry standards. Managing the network is essential as Comcast works to promote the use and enjoyment of the Internet by all its customers.

Primarily, adoption of the Mutually Agreed Norms for Routing Security requires that Internet Service Providers (ISPs) explicitly filter routing announcements received from their customer networks at the “prefix” level. Comcast has been employing this method for at least the past several years and expects neighboring networks to do the same.

Additionally, the Mutually Agreed Norms for Routing Security calls for networks to take steps to prevent network spoofing, which is central to curtailing many amplification and/or distributed denial of service (DDoS) attacks. These attacks take advantage of the fact that some networks have not taken steps to prevent network address spoofing.

Finally, the Mutually Agreed Norms for Routing Security asks that ISPs maintain usable contact information and coordination capability for real-time troubleshooting between network operators, to which Comcast is also committed. We hope that other ISPs will adopt the guidance in the Mutually Agreed Norms for Routing Security in order that we may improve the stability and reliability of the Internet upon which we all depend.

In response to malicious network activity, we have implemented a block of TCP port 0 traffic. The Internet Assigned Numbers Authority (IANA) lists TCP port 0 as a reserved port, which means it should not be used by applications. Based on testing, we believe this block prevents network abuse and should not impact legitimate traffic. A full list of blocked ports can be found here.

At Comcast, we periodically review and revise our website to ensure that customers have the latest information about our services. We have revised our Internet service performance webpage to give customers the latest information to help them make informed choices. You can read more about the performance of our Internet service here.

Primarily, adoption of the Routing Resilience Manifesto requires that Internet Service Providers (ISPs) filter routing announcements received from their customer networks explicitly at the “prefix” level. Comcast has been employing this method for at least the past several years and expects neighboring networks to do the same.
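The prefix-level filtering of customer announcements described here, and in the Mutually Agreed Norms for Routing Security paragraph above, can be sketched as follows. This is an added example, not Comcast's configuration: the filter table, the ASNs, the maximum-length policy and the function name are assumptions, and the prefixes are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample data: documentation prefixes and private-use ASNs.
# Each entry is (prefix registered to the customer, longest accepted length).
CUSTOMER_FILTERS = {
    64512: [("192.0.2.0/24", 24), ("2001:db8:100::/40", 48)],
    64513: [("198.51.100.0/24", 24)],
}

def accept_announcement(customer_asn, prefix):
    """Return (accepted, reason) for a route announced on a customer session."""
    try:
        # strict=True rejects prefixes with host bits set, e.g. 192.0.2.1/24
        announced = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False, "malformed prefix"
    entries = CUSTOMER_FILTERS.get(customer_asn)
    if entries is None:
        # Default deny: a session without an explicit filter accepts nothing.
        return False, "no filter on file for this customer"
    too_specific = False
    for allowed_text, max_len in entries:
        allowed = ipaddress.ip_network(allowed_text)
        if announced.version != allowed.version:
            continue  # never compare IPv4 against IPv6
        if not announced.subnet_of(allowed):
            continue  # outside this registered block
        if announced.prefixlen > max_len:
            too_specific = True  # covered, but longer than policy permits
            continue
        return True, "matches " + allowed_text
    if too_specific:
        return False, "more specific than permitted"
    return False, "prefix not registered to this customer"
```

The third outcome is the one that matters most in practice: a customer announcing a block registered to someone else is rejected at the edge instead of being propagated to neighboring networks.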

Additionally, the Routing Resilience Manifesto calls for networks to take steps to prevent network spoofing, which is central to curtailing many amplification and/or distributed denial of service (DDoS) attacks. These attacks take advantage of the fact that some networks have not taken steps to prevent network address spoofing. Comcast takes several steps to prevent network spoofing, and a list of FAQs on the subject can be found here.

Finally, the Manifesto asks that ISPs maintain usable contact information and coordination capability for real-time troubleshooting between network operators, to which Comcast is also committed. We hope that other ISPs will adopt the guidance in the Routing Resilience Manifesto in order that we may improve the stability and reliability of the Internet upon which we all depend.

NetForecast's independent assessment of Comcast's data usage meter confirms it to be accurate within +/-1% with an APDEX score of .98, which is described as excellent. The report provides an overview of how our usage management platform works, NetForecast's validation methodology, and the overall performance rating. We recently contracted with them to conduct the comprehensive study, and the results have been published on their web site.

On May 20, 2011, we first posted about these rules. Those rules have now been updated to reflect that IPv6 is now required, that DOCSIS 1.1 and 2.0 modems are now or soon will be in end-of-life status, and that we are preparing for DOCSIS 3.1 modems.

These rules pertain to the attachment of devices to our High-Speed Internet network by customers. You can find information concerning the devices approved for use on the network, and the tiers of our service that they are appropriate for at http://mydeviceinfo.comcast.net. In order for a cable modem device to be approved for use on the network, it must pass CableLabs certification, UL certification, FCC certification, and Comcast DOCSIS certification testing. Comcast's current DOCSIS device testing requirements and the test scheduling process are described here.

Recently, the Internet community has taken notice of NTP amplification attacks, as well as other attacks leveraging DNS, SNMP, and other protocols. These attacks take advantage of the fact that some networks have not taken steps to prevent network address spoofing. Since we have been asked what steps Comcast takes to prevent network spoofing, we have put together an FAQ on the subject.

In short, we use one of two techniques: Unicast Reverse Path Forwarding (uRPF) verification and DOCSIS Source Address Verification (SAV). Using these techniques our customers are prevented from sending traffic with spoofed IP addresses through their cable modems.
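The two source-address checks named above can be modelled as follows. This is an added example, not Comcast's implementation: it assumes strict-mode uRPF and treats SAV as a per-modem table of assigned addresses, and the route table, lease table, interface names and modem ids are constructed sample data.

```python
import ipaddress

# Constructed sample state; all addresses are documentation ranges.
# Routing table for strict uRPF: prefix -> interface the route points out of.
ROUTES = {
    "0.0.0.0/0": "upstream0",
    "192.0.2.0/24": "cust1",
    "192.0.2.128/25": "cust2",
    "2001:db8:a::/48": "cust1",
}
# SAV table: cable modem id -> addresses assigned to devices behind it.
LEASES = {
    "modem-a": {"198.51.100.10", "2001:db8:b::10"},
    "modem-b": {"198.51.100.11"},
}

def best_route_interface(src):
    """Longest-prefix match of src against ROUTES; None if nothing covers it."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, ifname)
    return best[1] if best else None

def urpf_strict_pass(src, in_interface):
    """Strict uRPF: the best route back to src must use the arrival interface."""
    return best_route_interface(src) == in_interface

def sav_pass(src, modem_id):
    """SAV: src must be an address assigned to a device behind this modem."""
    addr = ipaddress.ip_address(src)
    # Compare parsed addresses so different spellings of one IPv6 address match.
    return any(addr == ipaddress.ip_address(a) for a in LEASES.get(modem_id, ()))
```

A packet claiming a third party's address as its source fails both checks, which is what keeps a customer connection from being used as the spoofing side of an amplification attack.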

We've announced some changes to our policies on Simple Network Management Protocol (SNMP) and Simple Mail Transfer Protocol (SMTP), which will affect a very small portion of our customers. You can find more information in two blog posts. One is a general post about both issues, and the other is specific to SMTP. While the policy change was announced today, implementation will occur gradually.